Advanced Phishing Attack Sandbox

Visualization of the complete attack kill chain from initial compromise to data exfiltration

Attacker Infrastructure
Victim Assets
Compromised Systems
Data Exfiltration

Diagram nodes:

  • Attacker: C2: 185.143.223.47
  • Phishing Server: aliyun-support[.]com
  • Malicious Doc: 阿里云安全报告_v2023.pdf (filename translates to "Alibaba Cloud Security Report")
  • Employee: user@company.com
  • Workstation: Cobalt Strike Beacon
  • SSH Server: 10.0.0.5
  • Database: 10.0.1.10

Step 1: Initial Phishing

Technical Details

  • Email subjects: "紧急通知:阿里云账号异常登录提醒" ("Urgent notice: Alibaba Cloud account abnormal login alert")
  • Body mimics official Alibaba Cloud communications
  • Contains malicious attachment or phishing link
  • Spoofed sender: security@alibaba-inc.com

MITRE ATT&CK Mapping

T1566.001 Spearphishing Attachment
T1598 Phishing for Information
